Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/LM9g0k53nEPJgIm715DHHllPVGc.roa
File:                     LM9g0k53nEPJgIm715DHHllPVGc.roa (raw, json)
Hash identifier:          OzS1a/5sXB764+zgZqfA8eJHk+mHEMypuXT3a2JMMEs=
Subject key identifier:   2C:CF:60:D2:4E:77:9C:43:C9:80:89:BB:D7:90:C7:1E:59:4F:54:67
Certificate issuer:       /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial:       018CC2DB15AC7CD5B112055F56DE01614136
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/LM9g0k53nEPJgIm715DHHllPVGc.roa
Signing time:             Mon 01 Jan 2024 02:29:46 +0000
ROA not before:           Mon 01 Jan 2024 02:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201917
IP address blocks:        194.20.64.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:15:ac:7c:d5:b1:12:05:5f:56:de:01:61:41:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
        Validity
            Not Before: Jan  1 02:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ccf60d24e779c43c98089bbd790c71e594f5467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b9:2c:c3:d6:2b:11:d8:80:d4:14:93:c8:89:
                    e3:9d:b4:bf:de:c2:35:de:7a:3c:fe:c7:56:c3:ea:
                    d4:22:f9:29:5f:e6:43:43:25:36:4d:f4:04:01:e0:
                    9b:8c:8f:41:24:9d:24:aa:f1:3a:6b:39:3f:65:ed:
                    4f:6f:b2:3b:f8:4c:6f:9f:d0:b8:cf:b3:ee:6a:e8:
                    22:d4:aa:16:e9:10:f4:88:49:01:1d:fc:94:f3:a3:
                    f1:03:8b:a0:9b:71:5c:82:68:9b:2a:68:10:0c:42:
                    49:4a:e8:b5:15:41:ba:6a:5d:c9:97:d0:6a:8c:b2:
                    36:a8:7e:cd:a5:d8:89:47:e9:db:45:ef:6a:62:75:
                    a8:71:d6:41:2c:e8:99:dc:e9:48:12:8b:3f:6a:28:
                    6a:cd:05:8f:da:7d:14:8d:40:cf:66:aa:b8:14:4f:
                    59:3a:3f:f8:ac:9d:21:e3:2a:98:fb:b7:0b:e8:fe:
                    46:55:c7:1b:aa:1e:fd:70:9b:bd:5e:5c:9c:c5:3a:
                    d0:ec:64:27:0a:66:19:2d:ab:d8:07:d5:ac:42:35:
                    68:98:93:f0:e9:8a:b9:20:f0:9f:7f:9e:80:95:0a:
                    4d:ad:41:a6:92:1e:00:d0:d7:38:09:a0:58:5d:55:
                    9e:6a:33:a6:0f:5b:25:a5:61:e9:19:93:05:a6:f2:
                    85:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:CF:60:D2:4E:77:9C:43:C9:80:89:BB:D7:90:C7:1E:59:4F:54:67
            X509v3 Authority Key Identifier:
                keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/LM9g0k53nEPJgIm715DHHllPVGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.20.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         73:5b:f6:37:43:86:e2:2c:0b:c3:f2:f2:06:e8:05:0d:c9:10:
         ad:25:5a:77:75:79:92:97:f3:e5:d6:7c:45:ad:54:96:03:cf:
         fd:ae:93:30:22:db:d6:9c:62:42:5e:c2:09:61:95:d8:0e:63:
         7a:ff:6b:fd:cd:72:c5:2d:72:6e:b9:73:d7:e6:c5:54:71:01:
         14:a8:99:14:4b:9a:3c:08:3c:f4:d3:5a:35:76:f7:79:89:24:
         06:79:86:82:31:13:83:e1:c8:b2:6c:91:39:5d:6c:2e:34:c5:
         06:75:d7:c8:82:53:67:7f:47:62:17:dd:41:5f:e4:a7:ae:cb:
         7a:d4:d5:2b:53:b6:46:04:af:fa:e5:90:53:05:a9:05:08:5a:
         61:a2:d1:13:dc:bb:16:9a:e3:97:82:24:07:8e:1c:8a:0e:31:
         20:d0:4e:71:88:7c:d2:54:ca:e6:33:fe:76:43:b2:07:95:5b:
         36:23:b9:46:4f:ca:54:14:43:3f:47:63:bb:c3:df:36:21:3e:
         47:a1:71:ef:19:f2:fa:07:0e:8f:57:0a:b7:9c:c3:34:b8:9e:
         d4:f3:87:04:0a:61:0a:11:96:5b:95:63:fb:66:17:97:7d:47:
         6e:e2:5c:b3:3c:cd:c6:a0:3e:32:d5:ea:1f:4e:34:c8:e4:af:
         25:ea:d6:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xWsfNWxEgVfVt4BYUE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjQwMTAxMDIyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2NmNjBkMjRlNzc5YzQzYzk4MDg5YmJkNzkwYzcxZTU5NGY1NDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7ksw9YrEdiA1BSTyInjnbS/3sI1
3no8/sdWw+rUIvkpX+ZDQyU2TfQEAeCbjI9BJJ0kqvE6azk/Ze1Pb7I7+Exvn9C4
z7Puaugi1KoW6RD0iEkBHfyU86PxA4ugm3FcgmibKmgQDEJJSui1FUG6al3Jl9Bq
jLI2qH7NpdiJR+nbRe9qYnWocdZBLOiZ3OlIEos/aihqzQWP2n0UjUDPZqq4FE9Z
Oj/4rJ0h4yqY+7cL6P5GVccbqh79cJu9XlycxTrQ7GQnCmYZLavYB9WsQjVomJPw
6Yq5IPCff56AlQpNrUGmkh4A0Nc4CaBYXVWeajOmD1slpWHpGZMFpvKF3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzPYNJOd5xDyYCJu9eQxx5ZT1RnMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvTE05ZzBrNTNuRVBKZ0ltNzE1REhIbGxQVkdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEwhRAMA0G
CSqGSIb3DQEBCwUAA4IBAQBzW/Y3Q4biLAvD8vIG6AUNyRCtJVp3dXmSl/Pl1nxF
rVSWA8/9rpMwItvWnGJCXsIJYZXYDmN6/2v9zXLFLXJuuXPX5sVUcQEUqJkUS5o8
CDz001o1dvd5iSQGeYaCMROD4ciybJE5XWwuNMUGddfIglNnf0diF91BX+Snrst6
1NUrU7ZGBK/65ZBTBakFCFphotET3LsWmuOXgiQHjhyKDjEg0E5xiHzSVMrmM/52
Q7IHlVs2I7lGT8pUFEM/R2O7w982IT5HoXHvGfL6Bw6PVwq3nMM0uJ7U84cECmEK
EZZblWP7ZheXfUdu4lyzPM3GoD4y1eofTjTI5K8l6tbJ
-----END CERTIFICATE-----